Running Linux on the Xbox

Modifying an Xbox can increase your PC hardware knowledge and provide you with a useful little system.

In November 2001, Microsoft entered the
video console business with the Xbox, a machine that continues to
outperform all other consoles in terms of processor speed and video
performance. As with the SEGA Dreamcast, hackers started to port
Linux to the Xbox in May 2002. Only three months later, the first
kernel messages from an Xbox running Linux were published on the
Internet. Now, a year after the start of the project, Linux runs
reliably on all versions of the Xbox, and Xbox Linux is ready for
daily use.

Xbox Hardware

The Xbox is driven by a 733MHz Intel Celeron processor and
contains 64MB of DDR RAM (shared with video), an NVIDIA GeForce3
graphics processing unit (GPU), an 8GB or 10GB hard disk, a DVD-ROM
drive, Ethernet connectivity, four USB-style controller connectors
and TV-out (Figure 1 lists the details). This hardware overview
sounds more like the description of a decent PC than a gaming
console. The Xbox does not merely contain some typical PC
components, such as an Intel CPU or an NVIDIA GPU, it actually
is a PC in a smaller black case, with minor
modifications. The Xbox chipset consists of the NV2A Northbridge
and the MCPX Southbridge, both from NVIDIA. The NVIDIA nForce
chipset for PCs is almost the same as the Xbox chipset. Its
Southbridge IC is labeled MCP and contains exactly the same
functionality as the MCPX: two USB controllers, an IDE controller,
an Ethernet device and AC97-compatible Dolby Digital sound.

The background of the Xbox is simple. Because Microsoft
already had an operating system, system libraries and the DirectX
libraries for the PC, they decided to build the Xbox based on this
well-known architecture. Initially, Microsoft wanted AMD to produce
the CPU and the chipset for the Xbox; the video chip would come
from NVIDIA. But Microsoft later changed its mind, switching to
Intel for the CPU. So NVIDIA licensed the chipset from AMD,
manufactured the ICs for the Xbox and sold the same design as
nForce for the PC market.

The similarity of the Xbox to a PC not only made the process
of installing and running Linux a lot easier, it made a lot more
sense for people to use the Xbox as a computer. Unlike Dreamcast,
PlayStation 2 or the GameCube, the Xbox always is equipped with a
hard disk and Ethernet. And the PC hardware also makes it possible
to use standard Linux distributions on the Xbox, with minor
modifications.

Because of its price and its compactness, an Xbox running
Linux can be used as a desktop computer (see Figure 2) or a server,
replacing a standard PC, and because of its TV connectivity, it
also can be used as an entertainment device for watching video or
listening to audio.

Despite the similarity of the Xbox to a standard PC,
installing Linux on an Xbox is not simply a matter of inserting an
installation CD. For one thing, the Xbox boot process is a lot
different from a PC's. PCs have a PCBIOS (basic I/O system) in ROM,
which contains 16-bit library routines for keyboard, video and hard
disk I/O, as well as a simple bootloader that reads the first
sector from a storage device and runs it. The Xbox has no such
BIOS. Its 256KB ROM image contains a statically linked,
stripped-down, Windows 2000-based kernel, which runs the moment the
Xbox is turned on. The hard disk—which is locked by an individual
ATA password, so it cannot be read when connected to a computer or
replaced with another hard disk—does not contain any operating
system components. When the Xbox kernel is started, it unlocks the
hard disk and tries to run the default.xbe file from a CD or DVD.
If such a file cannot be found, it runs xboxdash.xbe from hard
disk. This is the system configuration and audio CD player
application permanently stored on the hard disk.

These .xbe files are executables, which are a lot like Linux
ELF files, except they are signed digitally with Microsoft's
2048-bit RSA key. Changing a single byte within the file makes the
signature invalid, and the file will be rejected by the Xbox
kernel. Because of the lack of Microsoft's private key, the Xbox
Linux Project cannot reproduce a valid signature; thus, we cannot
create executables accepted by a standard Xbox. Two approaches are
possible to get your own code running: replace the ROM or find a
game with a bug that can be exploited.

The standard way for most people to get Linux running on an
Xbox is to open the box and install a replacement ROM chip that
overrides the onboard ROM chip. This so-called modchip can contain
either a hacked version of Microsoft's ROM, which has the signature
test, the hard disk test and some other things disabled, or a
clean-room ROM implementation that gives the Xbox the personality
of a regular PC. Although Xbox Linux supplies a bootloader that
makes Linux run on hacked Microsoft ROMs (which Linux sites do not
supply, but can be found on the Internet), the use of the Xbox
Linux Project's clean-room implementation, called Cromwell, is
recommended for legal reasons. The Cromwell ROM does not run Xbox
games.

Figure 3. The Xbox dissected: the Philips DVD drive
is on the left, and the Seagate hard disk is on the right. The
green board in the background is a modchip that is, in this case,
connected to a computer's parallel port.

Modchips that replace the onboard ROM are available from many
video game hardware stores on the Internet for about $50 US. The
first generation of modchips had to be soldered into the Xbox board
parallel to the original Flash chip, which required about 30 wires.
Second-generation modchips were connected to the LPC bus on the
Xbox board, and they typically required only nine wires. Current
modchips can be screwed onto the board without any soldering. They
usually ship empty and can turn themselves off completely, so if
you use the Xbox Linux Clean BIOS, you still can run Xbox
games.

Because the original ROM contents are stored in a
reprogrammable Flash chip on the Xbox board, it also is possible to
overwrite the Flash contents in order to have a permanently modded
machine, without installing any additional hardware devices. This
can be done by installing a modchip, bridging two pairs of points
on the board to disable the write protection of the Flash IC,
running Linux, disabling the modchip and, finally, running an
application called raincoat in Linux to reprogram the onboard
Flash. Now, the modchip can be removed permanently, so you can use
one modchip to convert a lot of Xboxes to Linux.

Recently, an anonymous researcher found an exploitable bug in
the Electronic Arts game 007 Agent Under Fire.
In a post on an Xbox forum, he explained how to use a modified
saved game to run the Linux bootloader. By connecting the
write-protection bridges on the board, this method can be used to
reprogram the onboard Flash within a Linux instance that has been
started by this modified saved game, without even temporarily
installing a modchip. This is the cheapest and most simple way to
make an Xbox Linux-compatible.

All these methods apply only to Xbox consoles that have been
on the market to date. Microsoft keeps changing the Xbox design. By
the time you read this article, a new board layout of the Xbox
might have the LPC bus or the reprogrammability of the onboard
Flash removed. Refer to the Xbox Linux web site for the latest
information on this topic.

Comment viewing options

Very interesting, but there is a mistake: a Intel processor is Celeron or Pentium III, It can't be both at same time. Celeron and Pentium are trademarks of Intel for different microprocessors. Look at http://www.intel.com/products/processor/index.htm

Trending Topics

Webinar: 8 Signs You’re Beyond Cron

Scheduling Crontabs With an Enterprise Scheduler
11am CDT, April 29th

Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.